Skip to main content

Emissary Ingress

1 CVEs product

Monthly

CVE-2021-36371 LOW POC Monitor

Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Emissary Ingress
NVD GitHub
CVSS 3.1
3.7
EPSS
0.7%
EPSS 1% CVSS 3.7
LOW POC Monitor

Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Emissary Ingress
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy